CVE-2019-17398
📋 TL;DR
The Dark Horse Comics Android app version 1.3.21 stores authentication tokens (equivalent to username and password) in system logs during authentication. This allows attackers with physical access or malware on the device to extract credentials via logcat. Only users of this specific Android app version are affected.
💻 Affected Systems
- Dark Horse Comics
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full account access, potentially compromising payment information, personal data, and enabling account takeover across services if credentials are reused.
Likely Case
Local attackers or malware on the device extract authentication tokens to access the victim's Dark Horse Comics account, potentially exposing purchase history and personal information.
If Mitigated
With proper logging controls and app sandboxing, only privileged system users could access logs, significantly reducing exposure.
🎯 Exploit Status
Exploitation requires running logcat commands on the device or having malware that can read system logs. No authentication needed to read logs if device is compromised.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.3.21
Vendor Advisory: No official advisory found
Restart Required: No
Instructions:
1. Open Google Play Store 2. Search for Dark Horse Comics 3. Update to latest version 4. Verify version is newer than 1.3.21
🔧 Temporary Workarounds
Disable debug logging
androidPrevent sensitive data from being written to logs
adb shell setprop log.tag.DarkHorseComics ERROR
Revoke app permissions
androidLimit app access to sensitive data
Go to Settings > Apps > Dark Horse Comics > Permissions > Disable all permissions
🧯 If You Can't Patch
- Uninstall the vulnerable app version immediately
- Monitor for suspicious account activity and change passwords if compromised
🔍 How to Verify
Check if Vulnerable:
Check app version in Google Play Store or Settings > Apps > Dark Horse Comics. If version is 1.3.21, you are vulnerable.Check Version:
adb shell dumpsys package com.darkhorse.comics | grep versionNameVerify Fix Applied:
Update app and check that authentication tokens no longer appear in logs: adb logcat | grep -i 'token\|auth\|password'📡 Detection & Monitoring
Log Indicators:
- Authentication tokens, passwords, or sensitive credentials in logcat output
- Log entries containing 'token=', 'auth=', 'password=' from Dark Horse Comics app
Network Indicators:
- Unusual authentication attempts from new devices
- Multiple failed login attempts followed by successful login
SIEM Query:
source="android_logs" app="Dark Horse Comics" (token OR auth OR password) AND severity="DEBUG"